使用适用于 Java 的 AWS 开发工具包管理集群安全组 - Amazon Redshift
AWS 文档中描述的 AWS 服务或功能可能因区域而异。要查看适用于中国区域的差异,请参阅中国的 AWS 服务入门

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

使用适用于 Java 的 AWS 开发工具包管理集群安全组

以下示例演示了可对群集安全组执行的常见操作,包括:

  • 创建新的群集安全组。

  • 向群集安全组添加入口规则。

  • 通过修改群集配置将群集安全组与群集关联起来。

默认情况下,新的群集安全组在创建完成后没有入口规则。此示例通过添加两个入口规则来修改新的群集安全组。一个入口规则是通过指定 CIDR/IP 范围添加的,另一个入口规则是通过指定所有者 ID 和 Amazon EC2 安全组组合添加的。

有关运行以下示例的分步说明,请参阅 使用 Eclipse 运行 Amazon Redshift 的 Java 示例。您需要更新该代码,并提供群集标识符和 AWS 账号。

/** * Copyright 2010-2019 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * This file is licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. A copy of * the License is located at * * http://aws.amazon.com/apache2.0/ * * This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the * specific language governing permissions and limitations under the License. */ // snippet-sourcedescription:[CreateAndModifyClusterSecurityGroup demonstrates how to create and modify an Amazon Redshift security group.] // snippet-service:[redshift] // snippet-keyword:[Java] // snippet-keyword:[Amazon Redshift] // snippet-keyword:[Code Sample] // snippet-keyword:[CreateClusterSecurityGroup] // snippet-keyword:[DescribeClusterSecurityGroups] // snippet-sourcetype:[full-example] // snippet-sourcedate:[2019-02-01] // snippet-sourceauthor:[AWS] // snippet-start:[redshift.java.CreateAndModifyClusterSecurityGroup.complete] package com.amazonaws.services.redshift; import java.io.IOException; import java.util.ArrayList; import java.util.List; import com.amazonaws.services.redshift.model.*; public class CreateAndModifyClusterSecurityGroup { public static AmazonRedshift client; public static String clusterSecurityGroupName = "securitygroup1"; public static String clusterIdentifier = "***provide a cluster identifier***"; public static String ownerID = "***provide a 12-digit account number***"; public static void main(String[] args) throws IOException { // Default client using the {@link com.amazonaws.auth.DefaultAWSCredentialsProviderChain} client = AmazonRedshiftClientBuilder.defaultClient(); try { createClusterSecurityGroup(); describeClusterSecurityGroups(); addIngressRules(); associateSecurityGroupWithCluster(); } catch (Exception e) { System.err.println("Operation failed: " + e.getMessage()); } } private static void createClusterSecurityGroup() { CreateClusterSecurityGroupRequest request = new CreateClusterSecurityGroupRequest() .withDescription("my cluster security group") .withClusterSecurityGroupName(clusterSecurityGroupName); client.createClusterSecurityGroup(request); System.out.format("Created cluster security group: '%s'\n", clusterSecurityGroupName); } private static void addIngressRules() { AuthorizeClusterSecurityGroupIngressRequest request = new AuthorizeClusterSecurityGroupIngressRequest() .withClusterSecurityGroupName(clusterSecurityGroupName) .withCIDRIP("192.168.40.5/32"); ClusterSecurityGroup result = client.authorizeClusterSecurityGroupIngress(request); request = new AuthorizeClusterSecurityGroupIngressRequest() .withClusterSecurityGroupName(clusterSecurityGroupName) .withEC2SecurityGroupName("default") .withEC2SecurityGroupOwnerId(ownerID); result = client.authorizeClusterSecurityGroupIngress(request); System.out.format("\nAdded ingress rules to security group '%s'\n", clusterSecurityGroupName); printResultSecurityGroup(result); } private static void associateSecurityGroupWithCluster() { // Get existing security groups used by the cluster. DescribeClustersRequest request = new DescribeClustersRequest() .withClusterIdentifier(clusterIdentifier); DescribeClustersResult result = client.describeClusters(request); List<ClusterSecurityGroupMembership> membershipList = result.getClusters().get(0).getClusterSecurityGroups(); List<String> secGroupNames = new ArrayList<String>(); for (ClusterSecurityGroupMembership mem : membershipList) { secGroupNames.add(mem.getClusterSecurityGroupName()); } // Add new security group to the list. secGroupNames.add(clusterSecurityGroupName); // Apply the change to the cluster. ModifyClusterRequest request2 = new ModifyClusterRequest() .withClusterIdentifier(clusterIdentifier) .withClusterSecurityGroups(secGroupNames); Cluster result2 = client.modifyCluster(request2); System.out.format("\nAssociated security group '%s' to cluster '%s'.", clusterSecurityGroupName, clusterIdentifier); } private static void describeClusterSecurityGroups() { DescribeClusterSecurityGroupsRequest request = new DescribeClusterSecurityGroupsRequest(); DescribeClusterSecurityGroupsResult result = client.describeClusterSecurityGroups(request); printResultSecurityGroups(result.getClusterSecurityGroups()); } private static void printResultSecurityGroups(List<ClusterSecurityGroup> groups) { if (groups == null) { System.out.println("\nDescribe cluster security groups result is null."); return; } System.out.println("\nPrinting security group results:"); for (ClusterSecurityGroup group : groups) { printResultSecurityGroup(group); } } private static void printResultSecurityGroup(ClusterSecurityGroup group) { System.out.format("\nName: '%s', Description: '%s'\n", group.getClusterSecurityGroupName(), group.getDescription()); for (EC2SecurityGroup g : group.getEC2SecurityGroups()) { System.out.format("EC2group: '%s', '%s', '%s'\n", g.getEC2SecurityGroupName(), g.getEC2SecurityGroupOwnerId(), g.getStatus()); } for (IPRange range : group.getIPRanges()) { System.out.format("IPRanges: '%s', '%s'\n", range.getCIDRIP(), range.getStatus()); } } } // snippet-end:[redshift.java.CreateAndModifyClusterSecurityGroup.complete]